Network Penetration and Security

Northwestern EECS, Fall Quarter 2016

Web Attacks

Description

For this project, you will exploit four web-based vulnerabilities. They are running on a webserver hosted on netsec-projects.cs.northwestern.edu, port 5000. For each exploit, you will find a flag which is associated with your username. To submit your flags, put them in the file called flags.txt, and run the submit script as usual. Here is a little information about each of the vulnerabilities:

Vulnerability 1: This is a SQL injection attack, and we are giving you the most information about this attack. There is a column of flags displayed. One of these is yours. The MySQL table that holds these flags also has a column called name. The flag you want to submit has your username set in that column.

Vulnerability 2: This is a more in-depth SQL injection attack.

Vulnerability 3: This is a basic session stealing attack using cross-site scripting. In order to have the administrator view the page (so you can steal his cookie), click "Force Admin Login".

Vulnerability 4: This is a similar session stealing attack, except using more advanced cross-site scripting techniques.

Tips

The user whose session you are trying to steal for each of the last two parts is logging in from behind the firewall, i.e., accessing the site by visiting netsec-projects.cs.northwestern.edu directly, not via localhost and port forwarding like you.

For any XSS you write, it is not recommended that you communicate with any server other than netsec-projects because of potential firewall issues.

Accessing from home

In order to do this project from home, you will have to forward ports since there's a firewall on netsec-projects. Execute the following command:

    ssh -N -L 9000:netsec-projects.cs.northwestern.edu:5000 hamsa.cs.northwestern.edu

Now in your web browser, you will be able to access the project by visiting http://localhost:9000/.